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DETAILED ACTION 

1. Amendment received on 04/26/2005 has been entered. Claims 1, 3, 9-10, 12, 14- 
15, 20, and 29 are currently amended. 

2. Claims 1-29 are presented for examination. 

Priority 

3. No priority claims have been made. 

4. The effective filing date for the subject matter defined in the pending claims in 
this application is 12/10/2001. 

Claim Rejections - 35 USC §112 

5. The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

6. Claims 1-14 are rejected under 35 U.S.C. 112, second paragraph, as being 
indefinite for failing to particularly point out and distinctly claim the subject matter which 
applicant regards as the invention. 

7. Claim 1 recites the limitation "the identified network device" in the last line. There 
is insufficient antecedent basis for this limitation in the claim. Claims 2-14 depended on 
the rejected claim and therefore are also rejected. 

Claim Rejections - 35 USC § 103 

8. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 

obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 
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9. Claims 1-29 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Acharya et al. (U.S. Patent Number 6,829,709), hereinafter referred to as Acharya in 
view of Weldon et al. (U.S. Patent Number 6,366,563), hereinafter referred to as 
Weldon, and further in view of Ylonen (U.S. Patent Number 6,795,917). 

10. Regarding claim 1 , Acharya disclosed a method allowing for dynamic detection of 
network devices located along a communications path that include compatible 
transformation tunnel capabilities (column 3 line 66-column 4 line 9, column 4 lines 45- 
51, column 5 lines 30-48), at least one of the network devices operative to recognize 
probe requests and transmit a probe response including transformation tunnel 
capabilities in response to the probe request (column 2 lines 16-36, column 4 lines 52- 
65, column 5 lines 30-48, column 8 lines 54-65), the method comprising the steps of: 
identify network devices having compatible transformation tunnel capabilities (column 2 
lines 16-36, column 5 lines 30-48, column 7 lines 29-40); and, if a network device is 
identified, transforming subsequent data flows, or subsequent packets in the first data 
flow, to the destination host from a first state to a second state and tunneling the data 
flows, or the subsequent packets in the first data flow, to the identified network device 
(column 2 lines 16-36, column 4 lines 1-10, lines 52-65, column 5 lines 30-48). 

1 1 . Acharya taught the invention substantially as claimed. However, Acharya did not 
expressly teach a method of detecting a first data flow to a destination host and probing 
the path to the destination host to identify network devices having compatible 
transformation tunnel capabilities. 
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12. Acharya suggested exploration of art and/or provided a reason to modify the 
method of Acharya with probing feature to identify networl< devices along the 
communication path (column 2 lines 17-27. column 8 lines 48-65). 

13. Weldon disclosed a method of detecting a first data flow to a destination host and 
probing the path to the destination host to identify network devices having compatible^ 
transformation tunnel capabilities (Figure 2 signs 204, 207, column 4 lines 16-31, 
column 5 lines 25-55). 

14. It would have been obvious to one of ordinary skill in the art at the time of the 
invention was made to modify the method of Acharya with the teachings of Weldon to 
include the probing the communication path feature in order to offer flexibility and 
scalability features that would allow for independent upgrading and maintenance of the 
shared network since network operators do not need to manually secure IPSec tunnels 
for each of the IP nodes required to communication over the network (Weldon, column 6 
lines 54-67). 

15. The combination of Acharya and Weldon taught the invention substantially as 
claimed. However, the combination of Acharya and Weldon did not teach probing the 
path to the destination host to discover the network address of at least one of the 
network devices having compatible transformation tunnel capabilities and if a rietwork 
address of a networl< device is discovered in the probing step, performing 
transformation process to the subsequent data flows or packets in the first data flow and 
tunneling the data flows or packets in the first data flow to the discovered network 
device. 
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16. Weldon suggested exploration of art and/or provided a reason to modify the 
combination of Weldon and Acharya with additional features such as probing the path to 
discover the network address of available network devices (Figure 2 signs 204, 207, 
column 4 lines 16-31. column 5 lines 25-55, column 12 lines 34-39). 

17. Ylonen disclosed a method for packet authentication in the presence of network 
address translations and protocol conversions comprising probing the path to the 
destination host to discover the network address of at least one of the network devices 
having compatible transformation tunnel capabilities (Abstract, Figures 6-9, column 4 
lines 22-36, column 5 line 62-column 6 line 7) and if a network address of a network 
device is discovered in the probing step, performing transformation process to the 
subsequent data flows or packets in the first data flow and tunneling the data flows or 
packets in the first data flow to the discovered network device (Figures 6-9, column 13 
lines 56-67). 

1 8. It would have been obvious to one of ordinary skill in the art at the time of the 
invention was made to modify the combined method of Acharya and Weldon with the 
teachings of Ylonen to include the discover the network address feature in order to offer 
flexibility and scalability features that would allow for independent upgrading and 
maintenance of the shared network (Weldon, column 6 lines 54-63). With the use of 
probing routers, it is possible to easily scale a VPN according to customer requirements 
(column 6 lines 63-67). 

19. Regarding claim 2, Weldon disclosed a method wherein the probing step 
comprises the steps of transmitting a probe request to the destination host; and 
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receiving a probe response from a network device in the path to the destination host 
(column 3 lines 3-27, column 5 lines 37-55). 

20. Regarding claim 3, Acharya disclosed a method further comprising the step of 
transforming, at the discovered network device, the data flows from the second state 
[transformation] to a third state [inverse transformation]; and transmitting the data flows 
to the destination host (column 4 lines 45-51, column 5 lines 30-40). 

21 . Regarding claim 4, Acharya disclosed a method wherein the third state is 
substantially the same as the first state [re-transformation] (column 4 lines 45-51 , 
column 5 lines 30-40). 

22. Regarding claim 5, Weldon disclosed a method wherein the probing step is 
conditioned on detection of a threshold level of activity associated with the destination 
host (column 4 lines 16-31, column 11 lines 21-42). 

23. Regarding claim 6, Weldon disclosed a method wherein the threshold level of 
activity comprises a minimum number of data flows to the destination host over an 
analysis interval (column 11 lines 21-42). 

24. Regarding claim 7, Weldon disclosed a method wherein the threshold level of 
activity comprises a minimum number of bytes transmitted to the destination host over 
an analysis interval (column 11 lines 21-42). 

25. Regarding claim 8, Weldon disclosed a method wherein the threshold level of 
activity comprises a minimum average data flow rate associated with the destination 
host over an analysis interval (column 1 1 lines 21-42). 

26. Regarding claims 9-10, Weldon disclosed a method further comprising the step 
of selecting the network device furthest along the path to the destination host, if a 
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plurality of network devices are identified in the probing step (column 3 lines 36-53, 
column 11 line 65-column 12 line 14). 

27. Regarding claim 11, Acharya disclosed a method wherein the responding 
network devices transmit probe responses in response to probe requests, wherein the 
probe responses are TCP/IP packets including a predefined Time-To-Live value; and 
the selecting step is determined on the basis of the Time-To-Live values of the probe 
responses transmitted by the plurality of network devices (column 7 line 62-column 8 
line 22). 

28. Regarding claim 12, Acharya disclosed a method wherein the transforming step 
comprises compressing data associated with the data flows in a format the discovered 
network device can decompress (column 1 lines 26-30, column 4 lines 1-9, lines 45-51). 

29. Regarding claim 13, Acharya disclosed a method wherein the transforming step 
comprises caching data associated with the data flows [servers, routers, firewalls, etc. 
were well-known devices at the time of the invention was made to have caching 
functionalities] (column 3 line 66-clumn 4 line 9). 

30. Regarding claim 14, Acharya disclosed a method wherein the transforming step 
comprises encrypting data associated with the data flows in a format the discovered 
network device can decrypt (column 1 lines 26-30, column 4 lines 1-9, lines 45-51). 

31. Regarding claim 15, Acharya, Weldon, and Ylonen combined disclose a method 
allowing for optimization of communications paths associated with a computer network 
by dynamic detection of network devices located along a communications path that 
include compatible transformation tunnel capabilities (Acharya, column 3 line 66-column 
4 line 9, column 4 lines 45-51, column 5 lines 30-48), at least one of the network 
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devices operative to recognize probe requests and transmit a probe response including 
transformation tunnel capabilities in response to the probe request (Acharya, column 2 
lines 16-36, column 5 lines 30-48. column 7 lines 29-40). the method comprising the 
steps of: detecting a data flow to a destination host; if the path to the destination host 
has not been probed, then probing the path to the destination host to identify network 
devices having compatible transformation tunnel capabilities (Weldon, Figure 2 signs 
204, 207, column 4 lines 16-31, column 5 lines 25-55); and, associating a network 
device identified in the probing step with the destination host; and, if a network device is 
associated with a destination host, transforming data flows to the destination host from 
a first state to a second state and tunneling the data flows to the associated network 
device (Acharya, column 2 lines 16-36, column 4 lines 1-10, lines 52-65. column 5 lines 
30-48). Ylonen disclosed a method for packet authentication in the presence of network 
address translations and protocol conversions comprising probing the path to the 
destination host to discover the network address of at least one of the network devices 
having compatible transformation tunnel capabilities (Abstract, Figures 6-9, column 4 
lines 22-36, column 5 line 62-column 6 line 7) and if a network address of a network 
device is discovered in the probing step, performing transformation process to the 
subsequent data flows or packets in the first data flow and tunneling the data flows or 
packets in the first data flow to the discovered network device (Figures 6-9, column 13 
lines 56-67). 

32. Regarding claims 16-21 . the limitations of these claims are similar to the claimed 
limitations of claims 2-5 and 10-11, and thus these claims are rejected using the same 
rationale. 
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33. Regarding claim 22, Acharya, Weldon, and Ylonen combined disclose an 
apparatus allowing for automatic detection of network devices located in a 
communications path that include compatible transformation tunnel capabilities 
(Acharya, column 3 line 66-column 4 line 9, column 4 lines 45-51, column 5 lines 30- 
48), comprising: a packet processor operably connected to a computer network to 
monitor data flows traversing communication paths associated with the computer 
network to respective destination hosts (Weldon, Figure 2, column 5 lines 25-55); a 
transformation tunnel mechanism including transformation tunnel capabilities operative 
to transform data flows from a first state to a second state (Acharya, column 2 lines 16- 
36, column 4 lines 1-10, lines 52-65, column 5 lines 30-48); wherein the transformation 
tunnel mechanism is further operative to establish a tunnel with a network device having 
compatible transformation tunnel capabilities located in a communications path 
associated with the computer network (Acharya, column 4 lines 36-51, column 5 lines 
30-48); a probe module operative to probe for network devices along communications 
paths to destination hosts that include compatible transformation tunnel capabilities in 
response to data flows detected by the packet processor (Weldon, Figure 2, column 5 
lines 25-55); wherein the probe module is further operative to obtain the network 
address of a network having compatible transformation tunnel capabilities (Ylonen, 
Abstract, Figures 6-9, column 4 lines 22-36, column 5 line 62-column 6 line 7, column 
13 lines 56-67); wherein the probe module is operative to associate destination hosts 
with respective network devices along communication paths thereto having compatible 
transformation tunnel capabilities (Weldon, column 5 lines 25-55); wherein the packet 
processor is further operative to channel data flows to the transformation tunnel 
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mechanism, wherein the channeled data flows are bound for destination hosts 
associated with network devices identified by the probe module (Weldon, Figure 2, 
column 5 lines 25-55; Acharya. column 5 lines 30-48); 

34. Regarding claim 23, Weldon disclosed an apparatus wherein the probe module is 
operative to transmit probe requests along communication paths to destination hosts in 
response to new data flows, and wherein the probe request causes compatible network 
devices along the path to communicate transformation tunnel capabilities to the 
apparatus (column 5 lines 38-55. column 2 lines 47-67, column 10 lines 41-50). 

35. Regarding claim 24, Weldon disclosed an apparatus wherein the packet 
processor is operative to identify new destination hosts associated with data flows and 
store the computer network address of the destination host in a database (Figure 6 sign 
S607. column 3 lines 3-27. column 5 lines 25-37). 

36. Regarding claim 25, Weldon disclosed an apparatus wherein the probe module 
stores network devices having compatible transformation tunnel capabilities in the 
database in association with corresponding destination hosts (Figure 6 sign S607, 
column 3 lines 3-27, column 5 lines 25-37). 

37. Regarding claim 26, Acharya disclosed an apparatus further comprising a traffic 
class engine operative to classify data flows traversing the packet processor into one of 
a plurality of traffic types; wherein traffic types associated with data flows are operative 
to condition the operation of the probe module with respect to the destination hosts 
associated with such data flows (column 1 lines 26-47, column 4 lines 45-51 , column 5 
lines 30-48). 
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38. Regarding claim 27, Acharya disclosed an apparatus further comprising a traffic 
class engine operative to classify data flows traversing the packet processor into one of 
a plurality of traffic types; wherein the traffic types associated with the data flows are 
operative to condition the channeling of such data flows to the transformation tunnel 
mechanism (column 1 lines 26-47, column 4 lines 45-51, column 5 lines 30-48). 

39. Regarding claim 28, Weldon disclosed an apparatus wherein traffic types 
associated with data flows are further operative to condition the operation of the probe 
module with respect to the destination hosts associated with such data flows (column 5 
lines 25-37). 

40. Regarding claim 29, the system corresponds to the apparatus of claim 22, and 
thus these claims are rejected using the same rationale. In addition, Ylonen disclosed 
wherein the probe module is further operative to obtain the network address of a 
network device having compatible transformation tunnel capabilities (Ylonen, Abstract, 
Figures 6-9. column 4 lines 22-36. column 5 line 62-column 6 line 7, column 13 lines 56- 
67) and Acharya disclosed a system wherein at least one network device operably 
connected to the computer network (Figures 1-2), wherein the network device 
comprises a transformation tunnel mechanism including at least one transformation 
tunnel capability (column 4 lines 1-10, column 5 lines 30-48); wherein the network 
device is operative to communicate transformation tunnel capabilities to the tunnel 
probing device in response to probe requests (column 4 lines 36-51 , column 5 lines 30- 
48). 

41 . Since all the limitations of the claimed invention were disclosed by the 
combination of Acharya. Weldon, and Ylonen. claims 1-29 are rejected. 
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Response to Arguments 

42. Applicant's arguments with respect to the pending claims have been considered 
but are moot in view of the new ground(s) of rejection. 

43. As the rejection reads, Examiner asserts that the combination of these teachings 
render the claimed invention obvious. 

Conclusion 

44. Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 

§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

45. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. Refer to the enclosed PTO-892 for details. 

46. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Tam (Jenny) Phan whose telephone number is (571) 
272-3930. The examiner can normally be reached on M-F 9:00-5:00. 
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If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, David A. Wiley can be reached on (571) 272-3923. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Any inquiry of a general nature or relating to the status of this application or 
proceeding should be directed to the receptionist whose telephone number is (703) 305- 
3900. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 



Tarn T. Phan 
July 12, 2005 
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